Lead Application Security Architect (Hybrid)
This is a hybrid role. The first three months are fulltime in the office.
Our Team
Manage the activities of a team of Application Security specialists across multiple projects and collaborate across multiple business lines and technical domains in the architecture function to execute critical initiatives of the function. Expertise is applied cross-functionally to drive the ideation, adoption, and implementation of technical methods within various teams and aid the firm in remaining at the forefront of industry trends, best practices, and technological advances in application cybersecurity. Must work seamlessly with the Eversource developers to ensure the successful adoption of required security approaches and capabilities.
Essential Functions:
Cultivate security culture with your product technology and business colleagues. Build a vision around the next level of security maturity for application developers, with inputs from the security organization and work with Cyber Security leadership to deliver on that idea. This vision must enable business outcomes and continuously raise the security bar and not one or the other. Serve as an application security thought leader. Learn from your many projects and cybersecurity teams and share best practices in both directions. Be recognized in the enterprise as the clear point of escalation and subject matter expert for Application Security and associated IT Risk. Serve as a cyber risk advisor to the leadership team and help prioritize initiatives with the greatest ROI. Act with urgency managing emerging issues. Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause/key themes. Enable and partner with application architects and engineering leaders to design secure, scalable, and resilient applications. Leads Application Security for multiple cybersecurity architecture and process implementations across business lines to achieve security objectives. Fosters a culture of innovation, collaboration, and continuous improvement within the Application Security team. Acts as the primary interface with senior leaders, stakeholders, and executives to drive consensus across competing cyber security objectives.Technical Knowledge/Skill/Education/Licenses/Certifications:
Technical Knowledge/Skill:
Has experience with and is fluent in expressing security concerns within the following languages: VB .Net, Python, YAML, Terraform Exhibits an exceptional degree of ingenuity, creativity and/or resourcefulness. Applies extensive organizational and/or project management expertise and has full knowledge of other related disciplines. May be viewed as expert within a given field. Formal training or certification on software engineering concepts and 5+ years applied experience. Experience running teams of architects that design cybersecurity solutions operations on cloud-based platforms and applications. Hands-on practical experience delivering enterprise level planning, design, and implementation of enterprise-level security solutions and controls related to: Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning) Modern Security Engineering/Architecture practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration, OWASP Top 10) Solution Development & Delivery Hands-on practical experience in cybersecurity architecture that can be applied and repeated across businesses, functions, and systems. Experience reviewing and securing cybersecurity products and solutions for public cloud-based applications and infrastructure, external-facing web-based solutions, and mobile. Experience growing and leading large, cross-functional teams of technologists. Subject matter expertise in multiple security domains (e.g., mobile, application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security, etc.) Demonstrated prior experience influencing across highly matrixed, complex organizations and delivering value at scale. Experience leading complex projects and supporting system design, testing, and operational stability. Experience hiring, developing, and recognizing talent.Education:
Bachelor’s Degree in Engineering, Computer Science, Data Science, Information Technology or related experience
Experience:
10 years related experience that includes 5 years of Senior level cyber security experience and:
Experience in Cross Domain Solutions Familiarity with Zero-Trust Architecture Must have excellent communications and interpersonal skills and should be able to convey technical aspects to personnel who may not be well-versed in those areas. Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC, CIP). Exposure to projects using an Agile methodology and DEVSECOPS environment. Experience leading mid to large security initiatives and managing small teams. Should have experience scripting and coding.Licenses & Certifications:
Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) or prominent independent organization such as ISC2. Systems Security Certified Practitioner (SSCP) certification Certified Information Systems Security Professional (CISSP)Working Conditions:
Must be available to work emergency restoration assignment as required.Must be available to travel between MA/CT/NH as necessary.Mental Aspects:
Leadership Behaviors/Competencies:
Set and Communicate Direction and Priorities
Communicate priorities and goals (company, department, team)Show how employee’s work fits inProvide business updates, newsCommunicate, communicate, communicateBuild Trusting Relationships
Role model honesty/integrity in communication and actionBalance “getting results” with concern for individual needsHave honest dialogue with employees; get to know themManage and Develop People
Set realistic performance objectives and expectationsGive ongoing, honest feedback; coach for successRecognize good performanceVisit crews in the fieldRemove obstacles to day-to-day performanceProvide tools, information, trainingFoster Teamwork and Cross-functional Collaboration
Encourage cooperation/remove obstacles between work groups/departmentsEncourage collaboration/peers helping peersCreate a Diverse, Inclusive Workforce
Ask for employee input on work process/practice improvements and before implementing change that will affect themEncourage ideasLead Change
Deliver effective, positive communications about change to your teamExhibit a “can-do” attitude to successfully implement changes in priorities and work processesRespond positively to new demands or circumstancesFocus on the Customer
Ensure that everyone on the team understands our customer promise and provides superior customer serviceBe a role model for the team on delivering superior customer serviceCompensation and Benefits
Eversource offers a competitive total rewards program. The annual salary range for this position is $151,700 to $168,560.00, plus incentive. Salary is commensurate with your experience. Check out the career site for an overview of our benefits.
Worker Type:
RegularNumber of Openings:
1EEO Statement
Eversource Energy is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.
VEVRRA Federal Contractor
Emergency Response:
Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment. This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.